Privacy Policy (Splittly)

1) Who We Are (Controller / Business)

2) Information We Collect

We collect information in three ways: (a) information you provide, (b) information collected automatically, and (c) information from third parties (e.g., social login and payment providers).

A. Information you provide to us

Depending on how you use the Service, we may collect:

• Account information: name or username, email address, and job title (if provided).
• User content and service data: information you create or upload while using Splittly (for example, group names, expense details, notes, and related collaboration data).
• Communications: messages you send to us (support requests, feedback, or other inquiries).
• Marketing preferences: your opt-in/opt-out choices for newsletters and marketing emails.

B. Payments and subscriptions

The Service supports online payments and recurring subscriptions. Payment processing is handled by third-party payment processors (“Payment Processors”). We typically receive limited billing-related information such as:

• Subscription status (active/inactive), plan level, renewal dates
• Payment confirmations and transaction identifiers
• Billing contact details as needed for receipts and compliance

We do not store full debit/credit card numbers on our servers. Card data is handled directly by Payment Processors under their own terms and privacy policies.

C. Information collected automatically (cookies, sessions, local storage)

When you visit or use the Service, we may automatically collect:

• Device and usage data: IP address, browser type, device identifiers, operating system, pages/screens viewed, clicks, timestamps, referring/exit pages, and similar activity data.
• Session and authentication data: session identifiers and related tokens necessary to keep you logged in and secure your account.
• Cookies, pixels, and similar technologies: including cookies/web beacons, local storage, and sessions.

D. Analytics and advertising data (including retargeting)

We use analytics tools to understand usage and improve the Service, and we may show ads and run retargeting campaigns. This can involve:

• Analytics identifiers and events (e.g., page views, conversions)
• Advertising identifiers used for interest-based advertising
• Meta/Facebook Pixel events and related identifiers

E. Social login

If you sign in using Google Login, we receive certain profile information from Google (such as your name, email address, and a unique account identifier), depending on the permissions you grant.

3) How We Use Information

We use personal information for the following purposes:

• Provide and operate the Service (account creation, authentication, subscriptions, core functionality).
• Process payments and manage subscriptions (through Payment Processors).
• Communicate with you about the Service (transactional emails, service notices, support responses).
• Send marketing communications if you opt in (newsletters, product updates). You can unsubscribe at any time.
• Analyze, improve, and maintain the Service (debugging, performance, product analytics).
• Advertising and retargeting (including measuring ad performance and showing interest-based ads, where permitted).
• Security and fraud prevention (protect accounts, prevent abuse, enforce our terms).
• Legal compliance (responding to lawful requests, protecting rights, meeting regulatory obligations).

4) Cookies, Tracking, and Interest-Based Advertising

We use cookies, local storage, pixels, and similar technologies to:

• remember preferences and maintain sessions,
• understand usage via analytics,
• measure and improve advertising effectiveness,
• enable retargeting.

Your choices:

• You can control cookies through your browser settings and, where available, our cookie/consent settings.
• You may opt out of certain interest-based advertising through industry opt-out mechanisms (availability varies by region).
• If you are in the EEA/UK/Switzerland, we will seek consent where required for non-essential cookies (e.g., marketing/retargeting).

5) How We Share Information

We may disclose information in the following circumstances:

A. Service providers (processors)

We share information with vendors who help us operate the Service, such as:

• hosting and infrastructure providers,
• analytics providers,
• customer support tools,
• email/newsletter delivery providers,
• Payment Processors.

These providers are authorized to process personal information only as necessary to provide services to us.

B. Advertising and measurement partners

We may share identifiers and event data with advertising partners to run ads, measure performance, and support retargeting (for example, through the Meta/Facebook Pixel), subject to applicable law and your choices.

C. Legal and safety

We may disclose information to comply with law, regulation, legal process, or government request, or to protect the rights, property, and safety of Splittly, our users, or others.

D. Business transfers

If we are involved in a merger, acquisition, financing, due diligence, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.

E. With your direction

We may share information when you instruct us to do so or provide consent.

6) Data Retention

We keep personal information for as long as reasonably necessary to:

• provide the Service,
• maintain your account and subscriptions,
• comply with legal obligations,
• resolve disputes and enforce agreements.

When you request deletion, we will take reasonable steps to delete or de-identify personal information, subject to legal or operational retention needs (e.g., financial records, fraud prevention, backups).

7) Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information. However, no security system is perfect, and we cannot guarantee absolute security.

8) International Data Transfers

If you access the Service from outside the United States, your information may be transferred to and processed in the United States and other jurisdictions where we or our service providers operate.

For transfers from the EEA/UK/Switzerland, we use recognized transfer mechanisms where required (such as contractual protections) and apply appropriate safeguards.

9) Your Privacy Rights

A. GDPR (EEA/UK/Switzerland)

If the GDPR applies to you, you may have the right to:

• access your personal data,
• correct inaccurate data,
• request deletion,
• restrict or object to processing,
• data portability,
• withdraw consent (where processing is based on consent),
• lodge a complaint with a data protection authority.

Legal bases (GDPR): We process personal data based on one or more of the following:

• performance of a contract (providing the Service),
• our legitimate interests (security, fraud prevention, product improvement),
• your consent (where required for marketing/retargeting cookies),
• legal obligations.

B. California (CCPA/CPRA)

If you are a California resident, you may have rights to:

• know what personal information we collect, use, disclose, and share,
• request deletion of personal information,
• request correction of inaccurate personal information,
• opt out of the “sale” or “sharing” of personal information (as defined by law),
• limit the use/disclosure of sensitive personal information (if applicable),
• not be discriminated against for exercising your rights.

Opt-out of sale/sharing: Because we use advertising/retargeting tools, some disclosures may be considered “sharing” (and potentially “sale”) under California law. Where required, we provide a method to opt out (for example, a “Do Not Sell or Share My Personal Information” link or equivalent setting).

To exercise California privacy rights, contact us using the details in Section 12. We may need to verify your identity before fulfilling requests. Authorized agents may submit requests on your behalf where permitted by law.

C. Marketing communications

You can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us. Transactional/service messages may still be sent when necessary (e.g., receipts, security notices).

10) Do Not Track (CalOPPA)

Some browsers offer a “Do Not Track” (“DNT”) signal. Because there is no consistent industry standard for DNT, we do not respond to DNT signals in a uniform way. You can control tracking through cookie settings, device settings, and opt-out tools where available.

11) Children’s Privacy

Not directed to children under 13: The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete it as soon as practicable. Parents/guardians who believe their child has provided personal information may contact us at support@splittly.io.

12) How to Contact Us

13) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will revise the “Last Updated” date when changes are posted. If changes are material, we will take additional steps as required by applicable law (for example, prominent notice or consent where required).